The Definition of NAC
What is it that makes defining network access control (NAC) technology a difficult task for many?
Is it the fact that companies with some kind of a “prevention” technology bends the definition of NAC so they can jump the bandwagon? Or is it the fact there is no standardization or a formal definition?
I believe it is both.
According to my definition, at its basis, a network access control solution must ensure that only authorized and compliant devices are allowed to access and operate on the enterprise network.
The technologies that may be used to accomplish this task may vary. They might include element detection, network discovery, quarantine capabilities, compliance assessment, various enforcement methods, etc.
NAC brings control and risk mitigation.
Like other information security technologies, it is not the one silver bullet. It is rather an important piece in the entire security posture of an enterprise. Some may argue NAC is the basis for internal network security.